I’d like to shift Chrome’s XSS Auditor to block-by-default: https://groups.google.com/a/chromium.org/forum/m/#!topic/blink-dev/aZsNygF84JM … WDYT, Internets?
I know making stuff even more complicated is, in general, a bad idea, but: can you skip XSS auditor for properly nonced scripts?
-
-
then this would be a lot less relevant for any site with useful CSP
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.